Configure and verify trunking on Cisco switches
Exam: Cisco 200-120 - Interconnecting Cisco Networking Devices: Accelerated (CCNAX)
VLANs are local to each switch and each switch contains a local VLAN database. To allow communication between switches to pass VLAN information trunk links are used. By default trunk links pass VALN traffic to all the VLAN switches. However, to separate the type of traffic flowing on the network, the trunk ports add VLAN identification to the frames as tags when the traffic travels between switches. Cisco switches use two types of trunking mechanisms ISL(Inter-Switch Link) and IEEE 802.1Q.
The 2960 Cisco Catalyst switches only use IEEE 802.1Q encapsulation method for creating trunks. You need to enable trunking on switches if you want the switches to use trunks.
Consider you have two switches Switch A and Switch B and you need to enable trunking on them, you need to enable trunking on them. To enable trunking on switch A and switch B, you need to write the following code on switches.
Enable trunking on Switch A
// Enter into configuration mode
SwitchA#configure terminal
// Specify the interface to configure
SwitchA (configure)#interface fa0/5
//Set the interface to trunk port. The trunk port will carry the traffic to the VANS configured on the switch.
SwitchA (config-if)#switchport mode trunk
The switchport mode command runs with the following parameters:
- switchport mode access: Use this option to put the switch port interface into permanent a nontrunk interface even if the neighboring interface is a trunk interface. The port would be a dedicated layer 2 port.
- switchport mode dynamic auto: Use this option to make the interface able to convert the interface to a trunk link if desired or if the neighboring interface is set to trunk. This is the default switchport mode.
- switchport mode dynamic desirable: Use this option to make the interface able to actively convert the interface to a trunk link if the neighboring interface is set to trunk, desirable, or auto mode.
- switchport mode trunk: Use this option to put the interface permanently into trunking mode and is able to negotiate and the neighboring link into a trunk link. This can create trunks with other ports in trunk, auto, and desirable modes.
- switchportnonegotiate: Use this option to prevent the interface from generating DTP (Dynamic Trunking Protocol) frames. The option can be used when the interface switchport mode is access or trunk.
Trunking on Layer 3 switches
The above given commands enable trunking on Cisco Catalyst 2960 switches. To configure trunking on 3560 switches that provide layer 3 services, the options are little different. The 3560 switches support both ISL and the IEEE 802.1q encapsulation methods for creating trunks, so you have to specify the encapsulation method that you want to use. The ISL encapsulation method is rarely used and Cisco is moving away from ISL encapsulation method.
Also, remember that trunk links must match the trunking mechanism across trunk links. This means that if you are creating a trunk link between switch A and switch B then both switch A and switch B should be configured with the same trunking mechanism.
To enable trunking on 3560 switches, you need to write code as:
// Check the trunk encapsulation methods available
SwitchA(config-if)#switchport trunk encapsulation ?
//The results show that dot1q (802.1q) and ISL methods are available
dot1q Interface uses only 802.1q trunking encapsulation when trunking
isl Interface uses only ISL trunking encapsulation when trunking
negotiate Device will negotiate trunking encapsulation with peer on interface
// Set the encapsulation method to dot1q
SwitchA(config-if)#switchport trunk encapsulation dot1q
SwitchB(config-if)#switchport trunk encapsulation dot1q
// Set the interface mode to trunk
SwitchA(config-if)#switchport mode trunk
SwitchB(config-if)#switchport mode trunk
Configuring the Trunk Native VLAN
By default the trunk port uses default VLAN (VLAN1) as native VLAN ID. You can use the same VLAN ID if desired. However, it can be configured to a different VLAN ID for security reasons. While configuring the native VLAN IDs you must configure a common native VLAN ID on each port in a trunk. The mismatched VLAN ids may result in spanning-tree loops.
The following code modifies the native VLAN 1 to VLAN 5
switch A # configure terminal
Switch A (configure)#interface fa0/5
switch A(config-if)# switchport trunk native vlan 50
Configuring the Allowed VLANs for Trunking Ports
As discussed earlier, by default the trunks carry traffic from all the active VLANs. This wastes the precious bandwidth because the information is carried to switches that do not require it. To restrict the free flow of VLAN information between active VLANs, you can remove the VLANs that you do not require in a trunk.
While configuring the allowed VLANs for a trunk, make sure that you are configuring the correct interfaces and those interfaces are trunk interfaces.
The code below configures the VLAN range from 5-7 as allowed VLANs for the fa0/5 trunk port:
sswitch A # configure terminal
Switch A (configure)#interface fa0/5
switch A(config-if)# switchport trunk allow vlan 5-7
Verifying VLAN trunk
To verify VLAN trunk configuration, you can use any of the following commands:
switch # show interface : This command displays the interface configuration of a VLAN, as shown in code below:
The code shows two modes, Administrative and Operational. The Administrative state suggests how the interface is configured and Operational state suggests how the interface is operating currently in this case the operation mode trunk suggests that trunk is configured on the switch.
Switch-A# show interface fa0/5 switchport
Name: Fa0/5
Switchport: Enabled
Administrative Mode: dynamic desirable
Operational Mode: trunk
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: dot1q
Negotiation of Trunking: On
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 50 (Native)
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Operational private-vlan: none
Trunking VLANs Enabled: 2-5,10,1002-1005
Pruning VLANs Enabled: 2-1001
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Voice VLAN: none (Inactive)
Appliance trust: none
switch # show interface trunk: This command allows you to check the status of each trunk interface in addition to verifying the trunking configuration.
The code result of the command shows that traffic for VLANs 5-7.
Switch-A# show interface trunk
Port Mode Encapsulation Status Native vlan
Fa0/5 on 802.1q trunking 50
Port Vlans allowed on trunk
Fa0/5 5,6,7
Port Vlans allowed and active in management domain
Fa0/5 5,6,7
Port Vlans in spanning tree forwarding state and not pruned
Fa0/5 5,6,7
Troubleshooting a trunk
Sometimes the trunk you create does not work in a desired way and the computers on your VLAN are not able to access VLAN resources. In such a scenario, you need to troubleshoot your trunk. The common configuration errors are:
- Native VLAN mismatch: This configuration error can cause security problems. To troubleshoot, you should first check if VLANs are configured properly and then use show interfaces <interface name >switchport command to check the connectivity details on the port. If you find the Trunking Native Mode VLAN in inactive state then you need to fix the native VLAN mismatch problem by configuring a common native VLAN ID on each port in a trunk.
- Trunk Mode mismatch: This configuration error can cause loss of connectivity and the users of the trunk will not be able to connect each other or access resources on the VLAN. The trunk ports use DTP advertisements to negotiate the state of access with other link port of the trunk. If the trunk mode configured in on a port is incompatible with the trunk port on other switch, there will be connectivity issues. To fix the problem, you need to you need to reconfigure a compatible trunk mode on the switches by using switchport mode trunk command.
- Undesired VLANS are allowed VLANs on trunk: This configuration error may cause uninvited traffic on trunk. You can resolve this problem by first checking the trunk port on the switch using Show interface trunk command and the reconfiguring the trunk port using the switchport trunk allowed vlan command.
Example Question
Which of the following commands would you use to check the status of each trunk interface?
- switch # show interface
- switch # show interface trunk
- switch # show intswitchport
- switch # show
Answer A
The switch # show interface trunk command allows you to check the status of each trunk interface in addition to verifying the trunking configuration.
Related IT Guides
- Configure and verify NTP as a client
- Describe the operation and necessity of using private and public IP addresses for IPv4 addressing
- Determine the technology and media access control method for Ethernet networks
- Identify basic switching concepts and the operation of Cisco switches
- Recognize High availability (FHRP)
- Shutdown unused ports
- Troubleshoot and resolve interVLAN routing problems
- Troubleshoot and resolve routing issues
- Troubleshoot and resolve spanning tree operation issues
- Troubleshoot and resolve trunking problems on Cisco switches
- Troubleshoot and resolve VLAN problems